5 matches found
CVE-2023-46347
creationtimestamp| type| source ---|---|--- 2025-03-27 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-03-27 2025-07-07 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-07-07 2026-06-19 12:46:01+00:00| exploited|...
CVE-2023-46347
In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46347
In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46347
In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46347
The CVE-2023-46347 entry concerns the PrestaShop module ndk_steppingpack (Step by Step products Pack) up to version 1.5.6. Affected component: NdkSpack::getPacks() performs sensitive SQL calls, enabling unauthenticated SQL injection via a trivial HTTP request. Impact is high (CVE metrics list Con...